CVE-2025-36463

Name of the Vulnerable Software and Affected Versions Dell ControlVault3 versions prior to 5.15.14.19 Dell ControlVault3 Plus versions prior to 6.2.36.47

Description The software contains out-of-bounds read and write issues within the ControlVault WBDI Driver Broadcom Storage Adapter functionality. A crafted WinBioControlUnit call can cause memory corruption. The issue is triggered when submitting a WinBioControlUnit call to the StorageAdapter with the ControlCode 4 (WBIO USH ADD RECORD) and with 0 < SendBufferSize < 104. This can lead to reading past the end of the SendBuffer. Exploitation may be limited to a Denial of Service. The API call to trigger this is to the WinBioControlUnit endpoint.

Recommendations Update Dell ControlVault3 to version 5.15.14.19 or later. Update Dell ControlVault3 Plus to version 6.2.36.47 or later.